What counts as an AI incident?

An AI incident is any event where an AI system causes or contributes to an unintended, harmful, or non-compliant outcome. Categories include: a vendor data breach involving personal data your AI tool processes, AI output causing harm to a user (defamatory content, discriminatory decision, dangerous advice), unauthorized access to AI systems or their outputs, shadow AI discovered in production, AI vendor sub-processor change that violates your DPA, and AI model misbehavior creating legal or reputational exposure. Not every AI error is an incident — the threshold is materiality and impact.

How long does a team have to report an AI incident?

Timelines depend on the type of incident and jurisdiction. For GDPR personal data breaches: notify your supervisory authority within 72 hours of becoming aware, if the breach is likely to result in a risk to individuals. For US state law breach notification: varies by state, typically 30-72 hours. For EU AI Act incidents (systemic risk GPAI providers): the European AI Office is finalizing notification timelines, expected to mirror GDPR's 72-hour window. Build your plan around 72 hours as the default — it covers most jurisdictions.

What is an AI tabletop exercise?

A tabletop exercise is a structured discussion where your team walks through a hypothetical AI incident scenario. No systems are actually attacked or disabled — the team talks through who does what, using the incident response plan as a guide. Common scenarios: your AI vendor notifies you of a data breach, an employee discovers an unauthorized AI tool handling customer PII, an AI hiring tool is found to have disparate impact against a protected class. A 90-minute tabletop once every six months is the minimum effective testing cadence.

What should an AI incident log contain?

Each incident should be logged with: incident date and time, reporter name, description of what happened, affected systems and data types, severity assessment (critical/high/medium/low), containment actions taken, notification checklist completion status (vendor notified, legal notified, regulator notified, affected parties notified), incident owner, timeline to close, and post-incident review date. Store the log in a location all response team members can access, including during a system outage.

Who should be included in an AI incident response team?

For small teams, a three-person team is sufficient: (1) Incident Commander — decides severity, owns communication, makes containment calls (usually CEO, COO, or CTO); (2) Technical Lead — investigates what happened, implements containment, preserves evidence (usually engineering lead); (3) Legal/Compliance Contact — advises on notification obligations, vendor DPA rights, and regulatory exposure (in-house or external counsel). For teams under 10 people, one person can hold two roles, but the Incident Commander and Technical Lead should be different people.

What counts as an AI incident?

An AI incident is any event where an AI system causes or contributes to an unintended, harmful, or non-compliant outcome. Categories include: a vendor data breach involving personal data your AI tool processes, AI output causing harm to a user (defamatory content, discriminatory decision, dangerous advice), unauthorized access to AI systems or their outputs, shadow AI discovered in production, AI vendor sub-processor change that violates your DPA, and AI model misbehavior creating legal or reputational exposure. Not every AI error is an incident — the threshold is materiality and impact.

AI Incident Response Plan Template for Smal…

Person reviewing incident documentation on a laptop — AI incident response plan for small teams

A working AI incident response plan fits on two pages. This template gives you the five phases, role assignments, notification checklist, and timeline your team needs — ready to copy, fill in the blanks, and test in a 90-minute tabletop.

The 5-Phase AI Incident Response Plan

Phase 1: Detection and Reporting

Owner: Any team member who notices the incident
Timeline: Immediate — within 1 hour of discovery

What happens in Phase 1:

Someone notices something wrong and reports it. The barrier to reporting should be zero — teams that make incident reporting feel bureaucratic or punitive miss incidents.

Detection actions:

Employee or monitoring system notices the incident
Reporter contacts the Incident First Responder: [NAME] at [PHONE/SLACK]
Reporter documents the initial observation (what they saw, when, on what system)
Incident is logged in the incident tracker: [LOG LOCATION]

What counts as reportable:

AI vendor notifies you of a breach affecting your data
AI output causes or could cause harm to a user or third party
Unauthorized AI tool discovered handling personal data
AI system behaving unexpectedly in a way that affects users
Data subject complaint about an AI decision

Phase 2: Triage and Severity Assessment

Owner: Incident First Responder
Timeline: Within 2 hours of detection

What happens in Phase 2:

The first responder assesses severity and decides whether to escalate to the Incident Commander. Not every report becomes a full incident — triage is the filter.

Severity levels:

Severity	Description	Escalate to
Critical	Personal data breach affecting EU residents or breach notification obligation triggered; AI system actively causing harm; regulatory inquiry received	Incident Commander immediately
High	Vendor sub-processor change violating DPA; shadow AI handling PII discovered; AI output causing potential legal exposure	Incident Commander within 1 hour
Medium	AI tool misbehavior with no user impact; policy violation detected; vendor compliance issue without active harm	Incident Commander within 4 hours
Low	AI tool error caught by monitoring; policy question needing review	Handle at next scheduled review

Triage checklist:

Review the incident report
Assign severity level (Critical / High / Medium / Low)
Notify Incident Commander if Critical or High: [NAME] at [PHONE/SLACK]
Update the incident log with severity assessment

Phase 3: Containment and Evidence Preservation

Owner: Technical Lead
Timeline: Within 4 hours for Critical/High; within 24 hours for Medium

What happens in Phase 3:

Stop the bleeding. For a vendor breach: revoke API keys, disable the integration, and preserve a copy of the vendor notification. For an AI system misbehaving: disable the feature or route traffic away. For shadow AI: remove the tool and preserve the evidence of how it was used.

Containment actions (adapt to incident type):

Vendor breach:

Preserve the vendor notification (screenshot or email copy)
Disable or limit the affected integration if possible
Request vendor incident report: what data was accessed, for how long, and by whom
Preserve your DPA and any relevant vendor agreements

AI system misbehavior:

Disable the AI feature or enable a fallback path
Preserve logs of the AI outputs that caused the incident
Document the scope: how many users affected, what outputs they received

Shadow AI discovery:

Document what tool was in use, who used it, and what data was processed
Remove the tool from production
Preserve evidence (screenshots, access logs if available)

All incidents:

Do not delete logs or evidence — preservation of records is required
Record containment actions taken and timestamp each action

Phase 4: Notification

Owner: Incident Commander (decides); Legal Contact (advises on obligations)
Timeline: 72 hours is the default — do not wait for full investigation

Notification checklist:

Internal:

CEO/executive team informed: [NAME] ☐ Done / Date: ______
Legal counsel informed: [NAME OR FIRM] ☐ Done / Date: ______
Board or investors (if material): ☐ Done / Date: ______

Regulatory (as applicable):

GDPR supervisory authority (if personal data breach, 72-hour window): ☐ Done / Date: ______
US state notification (if applicable, 30-72 hours): ☐ Done / Date: ______
European AI Office (if you are a GPAI provider with systemic risk): ☐ Done / Date: ______

Vendor:

Vendor notified of the incident (if the incident involves your data on their system): ☐ Done / Date: ______
Vendor DPA rights invoked if applicable (audit right, termination right): ☐ Done / Date: ______

Affected individuals (if required by GDPR Article 34 or state law):

Draft notification language reviewed by legal
Individuals notified: ☐ Done / Date: ______

Phase 5: Post-Incident Review

Owner: Incident Commander
Timeline: Within 30 days of incident closure

What happens in Phase 5:

Every incident is a learning opportunity. The post-incident review answers three questions: What happened? Why did it happen? What changes prevent recurrence?

Post-incident review checklist:

Root cause documented (not just symptoms — what failed in the process or system?)
Timeline of the incident reconstructed
What the response team did well
What the response team would do differently
Actions required: [list specific fixes, owners, deadlines]
Incident response plan updated to reflect lessons learned
Metrics updated: incident closed in the AI governance metrics dashboard

Roles and Contacts (Fill In)

Role	Name	Primary contact	Backup contact
Incident First Responder	______	______	______
Incident Commander	______	______	______
Technical Lead	______	______	______
Legal Contact	______	______	______
GDPR Supervisory Authority	[Your country's DPA]	[DPA website]	—
Vendor security contacts	[per vendor]	[from DPA or contract]	—

Keep this contact sheet in a shared, offline-accessible location (printed copy or shared drive with offline access). Do not rely solely on a system that could be affected by the incident.

Testing the Plan: 90-Minute Tabletop Exercise

The most common failure in AI incident response: the plan exists but has never been tested. Gaps surface only during an actual incident — when there is no time to find them.

Run a tabletop every 6 months. Here is a ready-to-use scenario:

Scenario: Your company uses a third-party AI tool to process customer support tickets. The vendor sends an email: "We experienced a security incident affecting customer data processed by our platform between [date range]. Data potentially exposed includes names, email addresses, and support ticket content." Your company has 3,000 EU customers whose tickets were processed during this period.

Walk your team through Phases 1–5 using this scenario. Record gaps — roles that were unclear, contacts that were missing, notification obligations that surprised the team. Update the plan before you file it away.

For agentic AI systems specifically, see the AI security incident response playbook, which covers the additional containment and rollback steps when autonomous agents are involved.

The AI governance roles guide covers how to assign the Incident Commander and First Responder roles within your existing team structure.

Person reviewing incident documentation on a laptop — AI incident response plan for small teams

The 5-Phase AI Incident Response Plan

Phase 1: Detection and Reporting

Owner: Any team member who notices the incident
Timeline: Immediate — within 1 hour of discovery

What happens in Phase 1:

Someone notices something wrong and reports it. The barrier to reporting should be zero — teams that make incident reporting feel bureaucratic or punitive miss incidents.

Detection actions:

Employee or monitoring system notices the incident
Reporter contacts the Incident First Responder: [NAME] at [PHONE/SLACK]
Reporter documents the initial observation (what they saw, when, on what system)
Incident is logged in the incident tracker: [LOG LOCATION]

What counts as reportable:

AI vendor notifies you of a breach affecting your data
AI output causes or could cause harm to a user or third party
Unauthorized AI tool discovered handling personal data
AI system behaving unexpectedly in a way that affects users
Data subject complaint about an AI decision

Phase 2: Triage and Severity Assessment

Owner: Incident First Responder
Timeline: Within 2 hours of detection

What happens in Phase 2:

The first responder assesses severity and decides whether to escalate to the Incident Commander. Not every report becomes a full incident — triage is the filter.

Severity levels:

Severity	Description	Escalate to
Critical	Personal data breach affecting EU residents or breach notification obligation triggered; AI system actively causing harm; regulatory inquiry received	Incident Commander immediately
High	Vendor sub-processor change violating DPA; shadow AI handling PII discovered; AI output causing potential legal exposure	Incident Commander within 1 hour
Medium	AI tool misbehavior with no user impact; policy violation detected; vendor compliance issue without active harm	Incident Commander within 4 hours
Low	AI tool error caught by monitoring; policy question needing review	Handle at next scheduled review

Triage checklist:

Review the incident report
Assign severity level (Critical / High / Medium / Low)
Notify Incident Commander if Critical or High: [NAME] at [PHONE/SLACK]
Update the incident log with severity assessment

Phase 3: Containment and Evidence Preservation

Owner: Technical Lead
Timeline: Within 4 hours for Critical/High; within 24 hours for Medium

What happens in Phase 3:

Containment actions (adapt to incident type):

Vendor breach:

Preserve the vendor notification (screenshot or email copy)
Disable or limit the affected integration if possible
Request vendor incident report: what data was accessed, for how long, and by whom
Preserve your DPA and any relevant vendor agreements

AI system misbehavior:

Disable the AI feature or enable a fallback path
Preserve logs of the AI outputs that caused the incident
Document the scope: how many users affected, what outputs they received

Shadow AI discovery:

Document what tool was in use, who used it, and what data was processed
Remove the tool from production
Preserve evidence (screenshots, access logs if available)

All incidents:

Do not delete logs or evidence — preservation of records is required
Record containment actions taken and timestamp each action

Phase 4: Notification

Owner: Incident Commander (decides); Legal Contact (advises on obligations)
Timeline: 72 hours is the default — do not wait for full investigation

Notification checklist:

Internal:

CEO/executive team informed: [NAME] ☐ Done / Date: ______
Legal counsel informed: [NAME OR FIRM] ☐ Done / Date: ______
Board or investors (if material): ☐ Done / Date: ______

Regulatory (as applicable):

GDPR supervisory authority (if personal data breach, 72-hour window): ☐ Done / Date: ______
US state notification (if applicable, 30-72 hours): ☐ Done / Date: ______
European AI Office (if you are a GPAI provider with systemic risk): ☐ Done / Date: ______

Vendor:

Vendor notified of the incident (if the incident involves your data on their system): ☐ Done / Date: ______
Vendor DPA rights invoked if applicable (audit right, termination right): ☐ Done / Date: ______

Affected individuals (if required by GDPR Article 34 or state law):

Draft notification language reviewed by legal
Individuals notified: ☐ Done / Date: ______

Phase 5: Post-Incident Review

Owner: Incident Commander
Timeline: Within 30 days of incident closure

What happens in Phase 5:

Every incident is a learning opportunity. The post-incident review answers three questions: What happened? Why did it happen? What changes prevent recurrence?

Post-incident review checklist:

Root cause documented (not just symptoms — what failed in the process or system?)
Timeline of the incident reconstructed
What the response team did well
What the response team would do differently
Actions required: [list specific fixes, owners, deadlines]
Incident response plan updated to reflect lessons learned
Metrics updated: incident closed in the AI governance metrics dashboard

Roles and Contacts (Fill In)

Role	Name	Primary contact	Backup contact
Incident First Responder	______	______	______
Incident Commander	______	______	______
Technical Lead	______	______	______
Legal Contact	______	______	______
GDPR Supervisory Authority	[Your country's DPA]	[DPA website]	—
Vendor security contacts	[per vendor]	[from DPA or contract]	—

Keep this contact sheet in a shared, offline-accessible location (printed copy or shared drive with offline access). Do not rely solely on a system that could be affected by the incident.

Testing the Plan: 90-Minute Tabletop Exercise

The most common failure in AI incident response: the plan exists but has never been tested. Gaps surface only during an actual incident — when there is no time to find them.

Run a tabletop every 6 months. Here is a ready-to-use scenario:

Scenario: Your company uses a third-party AI tool to process customer support tickets. The vendor sends an email: "We experienced a security incident affecting customer data processed by our platform between [date range]. Data potentially exposed includes names, email addresses, and support ticket content." Your company has 3,000 EU customers whose tickets were processed during this period.

For agentic AI systems specifically, see the AI security incident response playbook, which covers the additional containment and rollback steps when autonomous agents are involved.

The AI governance roles guide covers how to assign the Incident Commander and First Responder roles within your existing team structure.

AI Incident Response Plan Template for Small Teams (2026)

The 5-Phase AI Incident Response Plan

Phase 1: Detection and Reporting

Phase 2: Triage and Severity Assessment

Phase 3: Containment and Evidence Preservation

Phase 4: Notification

Phase 5: Post-Incident Review

Roles and Contacts (Fill In)

Testing the Plan: 90-Minute Tabletop Exercise

AI Incident Response Plan Template for Small Teams (2026)

The 5-Phase AI Incident Response Plan

Phase 1: Detection and Reporting

Phase 2: Triage and Severity Assessment

Phase 3: Containment and Evidence Preservation

Phase 4: Notification

Phase 5: Post-Incident Review

Roles and Contacts (Fill In)

Testing the Plan: 90-Minute Tabletop Exercise

Get the next template in your inbox

Get the next template in your inbox